git-watchtower 1.12.7 → 1.13.1

package/bin/git-watchtower.js

@@ -102,6 +102,7 @@ const store = new Store();
 // Web dashboard server
 const { WebDashboardServer } = require('../src/server/web');
 const { Coordinator, Worker, generateProjectId, getActiveCoordinator, tryAcquireLock, finalizeLock, removeLock, removeSocket, isProcessAlive } = require('../src/server/coordinator');
+const monitorLock = require('../src/utils/monitor-lock');
 
 const PROJECT_ROOT = process.cwd();
 
@@ -1003,8 +1004,12 @@ function getCasinoMessage(type) {
 function addLog(message, type = 'info') {
   const icons = { info: '○', success: '✓', warning: '●', error: '✗', update: '⟳' };
   const colors = { info: 'white', success: 'green', warning: 'yellow', error: 'red', update: 'cyan' };
+  // Collapse any whitespace (newlines, tabs, CRs) into a single space so that
+  // multi-line content (e.g. git stderr from a failed auto-pull) cannot leak
+  // cursor movement into the rendered box and corrupt the surrounding UI.
+  const safeMessage = String(message == null ? '' : message).replace(/\s+/g, ' ').trim();
   const entry = {
-    message, type,
+    message: safeMessage, type,
     timestamp: new Date().toLocaleTimeString(),
     icon: icons[type] || '○',
     color: colors[type] || 'white',
@@ -3347,6 +3352,14 @@ function restartProcess() {
   }
   stopWebDashboard();
 
+  // Release the per-repo monitor lock before spawning the replacement, so the
+  // child can acquire it. The parent stays alive waiting on child.on('close'),
+  // so without this the child sees the parent as an active owner and refuses.
+  if (monitorLockFile) {
+    try { monitorLock.release(monitorLockFile); } catch (_) { /* ignore */ }
+    monitorLockFile = null;
+  }
+
   console.log('\n♻ Restarting git-watchtower...\n');
 
   const { spawn: spawnChild } = require('child_process');
@@ -3368,6 +3381,9 @@ function restartProcess() {
 
 let isShuttingDown = false;
 let _resourcesCleaned = false;
+// Path of the per-repo monitor lock we own, if any. Set during start() and
+// cleared in cleanupResources() after release.
+let monitorLockFile = null;
 
 /**
  * Idempotent, best-effort cleanup of every long-lived resource we own:
@@ -3423,6 +3439,13 @@ function cleanupResources() {
 
   // Web dashboard + worker/coordinator (unlinks lock file + IPC socket)
   try { stopWebDashboard(); } catch (_) { /* ignore */ }
+
+  // Per-repo monitor lock — release last so the slot stays reserved for the
+  // entire lifetime of this process, including any errors in the steps above.
+  if (monitorLockFile) {
+    try { monitorLock.release(monitorLockFile); } catch (_) { /* ignore */ }
+    monitorLockFile = null;
+  }
 }
 
 async function shutdown() {
@@ -3489,6 +3512,44 @@ async function start() {
     process.exit(1);
   }
 
+  // Single-instance guard (per repo). Two TUIs rendering to the same terminal
+  // stomp on each other's frames — selection cursor bounces between their
+  // independent selectedIndex values, the activity log flips between two
+  // buffers, and each sees the other's `git checkout` as an "external" switch.
+  // Acquire before any TTY writes so a refusal leaves the user's prompt clean.
+  const lockResult = monitorLock.acquire(PROJECT_ROOT);
+  if (!lockResult.acquired) {
+    if (cliArgs.force) {
+      console.error(
+        ansi.yellow + '⚠ Warning: another git-watchtower (PID ' +
+        lockResult.existing.pid + ') is already running against this repo. ' +
+        'Continuing due to --force.' + ansi.reset
+      );
+    } else {
+      const existing = lockResult.existing || {};
+      console.error('\n' + ansi.red + ansi.bold +
+        '✗ Error: git-watchtower is already running against this repository' + ansi.reset);
+      console.error('\n  Existing PID: ' + ansi.bold + (existing.pid || 'unknown') + ansi.reset);
+      if (existing.startedAt) {
+        const ageMs = Date.now() - existing.startedAt;
+        const ageStr = ageMs < 60000
+          ? Math.round(ageMs / 1000) + 's'
+          : Math.round(ageMs / 60000) + 'm';
+        console.error('  Started:      ' + ageStr + ' ago');
+      }
+      console.error('  Repo:         ' + PROJECT_ROOT);
+      console.error('  Lock file:    ' + lockResult.file);
+      console.error('\n  Running two instances against the same repo makes the TUI');
+      console.error('  unusable (selection bouncing, flipping logs, CURRENT label');
+      console.error('  snap-back). Stop the other instance first:');
+      console.error('\n    ' + ansi.bold + 'kill ' + (existing.pid || '<pid>') + ansi.reset);
+      console.error('\n  Or pass --force to override (not recommended).\n');
+      process.exit(1);
+    }
+  } else {
+    monitorLockFile = lockResult.file;
+  }
+
   // Load or create configuration
   const config = await ensureConfig(cliArgs);
   applyConfig(config);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "git-watchtower",
-  "version": "1.12.7",
+  "version": "1.13.1",
   "description": "Terminal-based Git branch monitor with activity sparklines and optional dev server with live reload",
   "main": "bin/git-watchtower.js",
   "bin": {

package/src/cli/args.js

@@ -22,6 +22,7 @@ const { version: PACKAGE_VERSION } = require('../../package.json');
  * @property {boolean} casino - Enable casino mode
  * @property {boolean} web - Enable web dashboard mode
  * @property {number|null} webPort - Web dashboard port override
+ * @property {boolean} force - Bypass the single-instance lock for this repo
  * @property {string[]} errors - Validation errors encountered during parsing
  */
 
@@ -56,6 +57,7 @@ function parseArgs(argv, options = {}) {
     // Actions
     init: false,
     casino: false,
+    force: false,
     // Parsing errors
     errors: [],
   };
@@ -151,6 +153,8 @@ function parseArgs(argv, options = {}) {
     // Actions and info
     else if (args[i] === '--init') {
       result.init = true;
+    } else if (args[i] === '--force') {
+      result.force = true;
     } else if (args[i] === '--version' || args[i] === '-v') {
       if (options.onVersion) {
         options.onVersion(PACKAGE_VERSION);
@@ -277,6 +281,8 @@ Web Dashboard:
 
 General:
   --init                  Run the configuration wizard
+  --force                 Allow starting even if another instance is running
+                          against this repo (not recommended)
   -v, --version           Show version number
   -h, --help              Show this help message
 

package/src/utils/monitor-lock.js

@@ -0,0 +1,172 @@
+/**
+ * Per-repository single-instance lock for the CLI monitor.
+ *
+ * Prevents two `git-watchtower` TUI processes from running against the same
+ * repository at the same time — without this, both render to the same TTY,
+ * stomping on each other's frames (selection cursor bounces between their
+ * independent selectedIndex values, CURRENT label flips while one process
+ * lags the other's checkout, activity log flips between two buffers, etc.).
+ *
+ * The lock file lives at `~/.watchtower/monitor-<sha1(repoRoot)>.lock` and
+ * contains `{ pid, startedAt, cwd }`. We use the same atomic
+ * `fs.openSync(..., 'wx')` pattern as {@link module:server/coordinator} so
+ * two processes racing to acquire cannot both succeed. Dead-owner locks are
+ * treated as stale and cleaned up.
+ *
+ * Zero runtime dependencies — only Node built-ins.
+ *
+ * @module utils/monitor-lock
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+const WATCHTOWER_DIR = path.join(os.homedir(), '.watchtower');
+
+/**
+ * Check if a process with the given PID is alive.
+ * @param {number} pid
+ * @returns {boolean}
+ */
+function isProcessAlive(pid) {
+  if (!pid || typeof pid !== 'number') return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (e) {
+    // ESRCH = no such process; EPERM = exists but owned by another user
+    return e.code === 'EPERM';
+  }
+}
+
+/**
+ * Compute the lock file path for a given repo root.
+ * @param {string} repoRoot - Absolute path to the repo
+ * @returns {string}
+ */
+function lockFilePath(repoRoot) {
+  const hash = crypto.createHash('sha1').update(repoRoot).digest('hex').slice(0, 16);
+  return path.join(WATCHTOWER_DIR, `monitor-${hash}.lock`);
+}
+
+function ensureDir() {
+  if (!fs.existsSync(WATCHTOWER_DIR)) {
+    fs.mkdirSync(WATCHTOWER_DIR, { recursive: true });
+  }
+}
+
+/**
+ * Read and parse a lock file. Returns null on any I/O or parse error.
+ * @param {string} file
+ * @returns {{ pid: number, startedAt?: number, cwd?: string } | null}
+ */
+function readLock(file) {
+  try {
+    if (!fs.existsSync(file)) return null;
+    const data = JSON.parse(fs.readFileSync(file, 'utf8'));
+    if (!data || typeof data.pid !== 'number') return null;
+    return data;
+  } catch (e) {
+    return null;
+  }
+}
+
+function removeLock(file) {
+  try { fs.unlinkSync(file); } catch (e) { /* ignore */ }
+}
+
+/**
+ * @typedef {Object} AcquireResult
+ * @property {true}  acquired
+ * @property {string} file  - Path of the lock we now own
+ *
+ * @typedef {Object} ConflictResult
+ * @property {false} acquired
+ * @property {'busy'} reason
+ * @property {string} file
+ * @property {{ pid: number, startedAt?: number, cwd?: string }} existing
+ */
+
+/**
+ * Atomically try to acquire the monitor lock for the given repo.
+ *
+ * - If the lock file doesn't exist, create it exclusively and return acquired.
+ * - If it exists but the owning PID is dead (stale), remove it and retry.
+ * - If it exists and the owning PID is alive, return busy.
+ *
+ * @param {string} repoRoot - Absolute path to the repo
+ * @param {Object} [opts]
+ * @param {number} [opts.pid] - PID to record (defaults to process.pid)
+ * @returns {AcquireResult | ConflictResult}
+ */
+function acquire(repoRoot, opts = {}) {
+  if (typeof repoRoot !== 'string' || !repoRoot) {
+    throw new TypeError('acquire: repoRoot must be a non-empty string');
+  }
+  ensureDir();
+  const pid = opts.pid || process.pid;
+  const file = lockFilePath(repoRoot);
+  const payload = JSON.stringify({ pid, startedAt: Date.now(), cwd: repoRoot });
+
+  // One retry after stale-lock cleanup — matches coordinator.js's approach.
+  // A second race loss after cleanup is surfaced as busy rather than looping
+  // indefinitely against a hostile or rapidly-respawning peer.
+  for (let attempt = 0; attempt < 2; attempt++) {
+    try {
+      const fd = fs.openSync(file, 'wx');
+      try {
+        fs.writeSync(fd, payload + '\n');
+      } finally {
+        fs.closeSync(fd);
+      }
+      return { acquired: true, file };
+    } catch (err) {
+      if (err.code !== 'EEXIST') throw err;
+
+      const existing = readLock(file);
+      if (existing && isProcessAlive(existing.pid)) {
+        return { acquired: false, reason: 'busy', file, existing };
+      }
+      // Stale lock — owner is dead or file is unreadable garbage. Clean up and retry.
+      removeLock(file);
+    }
+  }
+
+  // Lost the retry race to another starter; treat as busy.
+  const existing = readLock(file);
+  return {
+    acquired: false,
+    reason: 'busy',
+    file,
+    existing: existing || { pid: 0 },
+  };
+}
+
+/**
+ * Release a previously acquired lock. Only removes the file if the PID inside
+ * matches the given (or current) PID — guards against deleting a lock that
+ * was reacquired by a different process after our own stale cleanup.
+ *
+ * @param {string} file - Lock file path returned from acquire()
+ * @param {Object} [opts]
+ * @param {number} [opts.pid] - PID to check against (defaults to process.pid)
+ */
+function release(file, opts = {}) {
+  if (!file) return;
+  const pid = opts.pid || process.pid;
+  const existing = readLock(file);
+  if (existing && existing.pid === pid) {
+    removeLock(file);
+  }
+}
+
+module.exports = {
+  acquire,
+  release,
+  lockFilePath,
+  readLock,
+  isProcessAlive,
+  WATCHTOWER_DIR,
+};